Data Storage Privacy

Web-Based Private File Storage? 467

steve802 writes "Recently, someone died in our company, and word is getting around that the admins who were given access to his Outlook account have found personal things that are embarrassing at best (the rumor mill differs on what was found). No matter, it raises a question. I have personal stuff in Outlook folders that I would not want someone in IT to see if I suddenly dropped dead: emails to the wife, photos of the kids, that kind of thing. I also keep a journal at home that I save to a server; personal reflections that I never want anyone else to see, especially if I die. So I was thinking that some sort of web-based storage for files, individual emails, and perhaps even Outlook folders would be perfect. All my most private personal stuff in one place. I found CryptoHeaven, which seems to offer some of what I'm looking for — but it is pricey. I'm willing to pay, but something less than $400/year would be nice. Best would be a service with a dead-man's switch, so that if I don't access it in, say, three months, it auto-purges. Any thoughts?"

  • Freenet (Score:3, Interesting)

    by Wonko the Sane ( 25252 ) on Friday August 06, 2010 @01:14PM (#33165482) Journal

    Slow, but very secure.

    • Re:Freenet (Score:5, Interesting)

      by Mordok-DestroyerOfWo ( 1000167 ) on Friday August 06, 2010 @01:27PM (#33165718)
      Any web service, just create a TrueCrypt [truecrypt.org] container. As long as you sync the container between your computers regularly it shouldn't be an issue. I've been doing it this way for about 3 years now (I keep all of my important data there for when I'm on the road). Works perfectly fine with Windows and Linux.
      • Re: (Score:3, Informative)

        I have Chrome, Thunderbird, my MP3 player and DropBox on TrueCrypt partitions.

        Computer is PowerCycled and it's "gone". Since speed isn't a huge factor I went paranoid and went with AES-Twofish-Serpent. Good luck recovering my stuff.

        I use DreamHost [dreamhost.com] for my mail/webserver. They're not 5-9s but they're cheap and still seem like they are a "small company". Plus they wrote Ceph [newdream.net], (distributed/scalable file system, which merged into 2.6.34.)

        I'm sure you could write a cron script or something to run on the shell to do

  • Separate them (Score:5, Insightful)

    by Anonymous Coward on Friday August 06, 2010 @01:17PM (#33165522)

    Don't use personal info on work systems. Oftentimes anything in there is usually subject to scrutiny.

    • Re:Separate them (Score:5, Informative)

      by shentino ( 1139071 ) <shentino@gmail.com> on Friday August 06, 2010 @01:22PM (#33165648)

      Indeed.

      Best solution to keeping your boss out of your personal stuff? Don't do personal stuff on company time.

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      Absolutely. Never, never, never, never use your employer's computers for personal stuff. At all. Period. That computer is your employer's, and anything you put on it is also his. Whether that is strictly, legally true is immaterial. In practical terms, it is.

      You keep personal reflections in a journal that you never want anyone else to read, ever? Then, don't write it down. Duh. Anything you really don't want your survivors to ever under any circumstances see--physically destroy it. Don't have phys

    • Re: (Score:3, Interesting)

      No shit. I swear some people can be amazingly stupid. I once had a guy call me when he had trouble sending an email. "Subject: Re: Re: Re: Re: I wuv my snookums." "Body: I can't wait to see you again..." (That's where I tuned out and flipped on the blinders.) Now if this had been Mrs. VP, that's no big deal, tho still the kind of thing that shouldn't go in the corporate email archive. But the address was not Mrs. VP. It was Mr. VP's former assistant. And the guy KNEW it was going in the archive b

  • Why does it have to be web based? If the only requirement is absolute privacy, TrueCrypt will suffice.
    • Because he was talking about computers at work? I doubt most companies are going to let you encrypt the hard drives on your work computer to block them from seeing what's on it.

      • by NFN_NLN ( 633283 )

        Because he was talking about computers at work? I doubt most companies are going to let you encrypt the hard drives on your work computer to block them from seeing what's on it.

        You don't need to encrypt an entire drive. You can encrypt a binary blob (file) and then pass it around to HDD, USB, email, web etc.

        In fact, why would you trust an online service for privacy. Just use any old online service to store your encrypted blob.

        Case closed:

        Beginner's Tutorial
        How to Create and Use a TrueCrypt Container

        http://www.truecrypt.org/docs/?s=tutorial [truecrypt.org]

      • Yes, but it's still THEIR computer. Just use ssl/gmail for your personal crap, and PGP/encrypt your stupid personal thoughts from people who are most interested in them. Which is the crux of the biscuit; people who really care will circumvent your encryption anyway, and get at that juicy data you have there. Just write it in a journal, then burn it. What is so special about our private thoughts that make us write them down in case we forget them later? Just think more! I'm going to lunch now. Don't ne

      • Why can't you just encrypt a thumb drive? Or use one that has built in encryption (eg. an Ironkey)?

  • Translation (Score:3, Insightful)

    by grahamsz ( 150076 ) on Friday August 06, 2010 @01:18PM (#33165538) Homepage Journal

    I think you mean "emails to the wife, photos of the wife, that kind of thing"

    • Re: (Score:3, Funny)

      by bsDaemon ( 87307 )

      Unless someone who hated him uploaded some photos of someone else's kids in an attempt to frame him...

  • by Maarx ( 1794262 ) on Friday August 06, 2010 @01:18PM (#33165550)

    Web-Based Private is an oxymoron. Why does this have to be web-based?

    It would be pretty trivial to set up a Linux distro with two hard drives, one with the simple operating system and the other an encrypted drive with a passphrase, and set up the OS to nuke the second drive if the current time is ever greater than three months from the last time the passphrase was successfully supplied.
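
The time-based purge described in the comment above, sketched as a shell script; this is an added example, not part of the original comment. The stamp-file format, the function names, the 14-day warning window and the paths in the cron comment are assumptions made for illustration.

```shell
#!/bin/sh
# Dead-man's switch for an encrypted container (illustrative; all names hypothetical).
# State is a single file holding the epoch second of the last successful unlock.

DMS_MAX_AGE_DAYS=${DMS_MAX_AGE_DAYS:-90}   # "three months", as in the comment
DMS_WARN_DAYS=${DMS_WARN_DAYS:-14}         # warning window before purge (assumption)

# Call only after the passphrase has been accepted and the volume mounted.
# Written via a temp file and rename so a crash never leaves a half-written stamp.
dms_record_unlock() {
    stamp=$1
    now=${2:-$(date +%s)}
    ( umask 077; printf '%s\n' "$now" > "$stamp.tmp" ) && mv "$stamp.tmp" "$stamp"
}

# Print one of: ok | warn | expired | invalid
dms_status() {
    stamp=$1
    now=${2:-$(date +%s)}
    [ -r "$stamp" ] || { echo invalid; return 0; }
    last=$(cat "$stamp")
    # Reject anything that is not a plain non-negative integer.
    case $last in ''|*[!0-9]*) echo invalid; return 0 ;; esac
    # A stamp in the future means the clock was set back or the file was edited.
    [ "$last" -le "$now" ] || { echo invalid; return 0; }
    age_days=$(( (now - last) / 86400 ))
    if [ "$age_days" -gt "$DMS_MAX_AGE_DAYS" ]; then
        echo expired
    elif [ "$age_days" -gt $(( DMS_MAX_AGE_DAYS - DMS_WARN_DAYS )) ]; then
        echo warn
    else
        echo ok
    fi
}

# Run daily. Deletes the container only on "expired"; a missing or corrupt
# stamp, or a clock rollback, never triggers a purge (a fail-safe choice made
# here: losing the data by accident is treated as worse than a late purge).
dms_check() {
    stamp=$1
    container=$2
    now=${3:-$(date +%s)}
    status=$(dms_status "$stamp" "$now")
    if [ "$status" = expired ]; then
        # The container holds only ciphertext. shred is best effort (journaling
        # filesystems and SSDs may keep old blocks), so fall back to rm.
        if command -v shred >/dev/null 2>&1; then
            shred -u "$container" 2>/dev/null || rm -f "$container"
        else
            rm -f "$container"
        fi
        rm -f "$stamp"
    fi
    echo "$status"
}

# Example cron entry (hypothetical paths), sourcing this file first:
#   0 3 * * * . /usr/local/lib/dms.sh && dms_check /var/lib/dms/stamp /srv/private.tc
```

The switch only fires while this operating system is booting and running its scheduled jobs; anyone who removes the drive first still gets the container, so the passphrase remains the actual protection. The `warn` state gives a place to hook a reminder before a long absence turns into a purge.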

  • Work account? (Score:5, Insightful)

    by The MAZZTer ( 911996 ) <megazzt&gmail,com> on Friday August 06, 2010 @01:19PM (#33165564) Homepage
    Solution: Don't do personal stuff on your work account...
  • by mschoolbus ( 627182 ) <travisrileyNO@SPAMgmail.com> on Friday August 06, 2010 @01:21PM (#33165604)
    They can already read your emails..
  • On a more serious note.

    1) Kill switch is unnecessary. If it's a paid service then it'll purge when you stop paying the bill

    2) I've been playing with tarsnap lately and I'm pretty impressed. You use it just like tar but it uses a private key to store the results on their server. They can't see what you store and it intelligently tracks diffs so if a file appears in multiple archives you don't need to transfer or pay for it after the first time.

    3) Something like mozy or jungledrive would surely be easier to u

    • 1) Kill switch is unnecessary. If it's a paid service then it'll purge when you stop paying the bill

      Two problems there. 1) It's highly unlikely that it'll immediately purge. It'll probably just disable access and keep the files around for a good while.

      2) Depending on his account setup (PARTICULARLY if he's autodrafting from an account that is shared with his wife), then the auto-bill could go on for a significant amount of time beyond his death. If on a debit card, then several years until it expires. If it's straight out of a checking account (I have some loan payments setup this way), then it could

  • Why? (Score:5, Insightful)

    by quarkoid ( 26884 ) on Friday August 06, 2010 @01:22PM (#33165642) Homepage

    I've got to ask the question, but... why?

    I mean, if you don't want anybody to find this stuff when you're dead, why bother collecting it when you're alive?

    And for the 'pictures' of the wife, what's wrong with a Truecrypt store?

    • Mod parent VERY insightful.
      If I die, I don't give a shit how people are going to perceive me if they find my not-that-secret porn collection or whatever they would loathe. Because I'm dead!
      What makes the poster ask such a question?
      Is it fear that his family will think differently of you post-mortem? Well, my friend, if you have such deep and ugly secrets towards your family, then sorry to say, doesn't sound like a family to me.
      Is it fear that society would make you a pariah post-mortem? What do you care
      • Re: (Score:3, Insightful)

        by stdarg ( 456557 )

        Is it fear that society would make you a pariah post-mortem? What do you care? Death is forever, the last thing you'll do in your life :)

        It might be uncomfortable for your still-living family. Why would you not care what happens to your family after you die? Do you also think people who buy life insurance are dumb?

    • Re:Why? (Score:4, Insightful)

      by stdarg ( 456557 ) on Friday August 06, 2010 @02:11PM (#33166542)

      After he's dead, he still doesn't want people to know because it'll reflect badly on him and make people he's close to feel bad or uncomfortable?

      I mean just because you'll be dead doesn't mean that you, now, alive, can't think of other people's feelings and how future revelations will affect them.

  • Encryption + online storage. You can use openssl, truecrypt or whatever you like for encryption and, say, Jungledisk for online storage. Problem solved. Unless you think your colleagues will mount a 1 trillion entry dictionary attack against the file that they illegally recovered from your personal online storage after your death. In case of which you should perhaps look for new colleagues.

  • Run a server out of your house. Use linux with truecrypt and SELinux enabled. Access it through ssh if you need to from a remote site.

  • Do what I do. Store the unhallowed debris of your grimy little soul in a true crypt file. When you shuffle off to meet your maker the passphrase goes with you. Need web access, put it on dropbox.
  • by TehZorroness ( 1104427 ) on Friday August 06, 2010 @01:24PM (#33165672)

    When you die, your writings and works are the only thing left of you. They are the only way for someone to try to dig deeper into your mind and build up an understanding of your true character. A lot of crazy shit happens in a lifetime, someone may really appreciate you leaving a book of your reflections behind.

    • by theJML ( 911853 )

      You may not want everything in that book though. Don't want to slander yourself with something that may have only been a passing thought or thought exercise and is afterwards taken completely out of context.

      While I agree with you, it might be best to have an easily found diary/journal/captain's log/whatever for your relatives to find upon your passing, perhaps even including said location in your will.

    • by MikeFM ( 12491 )

      I don't see what people could be doing that is so embarrassing anyway. Unless you are taking photos of yourself dressing as a wolf and having sex with real sheep it's probably nothing that most the people around you aren't doing too. I really don't see the whole paranoid need for privacy. Who cares if everybody else knows that you're just like everybody else? It's probably healthy to stop worrying that you'll be found out.

      That said, why not just use an encrypted disk image? Mac OS and Linux have built-in en

      • I don't see what people could be doing that is so embarrassing anyway

        Well, you could be hoping for some revenge from "beyond the grave" by spreading lies (or even truths) about family members you disliked.

    • someone may really appreciate you leaving a book of your reflections behind.

      reading people's tweets would indicate otherwise. Unless you are a particularly talented writer, most personal reflections are the most turgid and self-indulgent nonsense imaginable.

    • And it's not like it'll have serious repercussions on your death.
    • by Angst Badger ( 8636 ) on Friday August 06, 2010 @02:44PM (#33167054)

      When you die, your writings and works are the only thing left of you. They are the only way for someone to try to dig deeper into your mind and build up an understanding of your true character.

      Thanks, but I don't owe that to anyone. Period. The very thought of someone having unrestricted access to my private writings makes me feel physically ill. And it's not because I have any unusual skeletons in my closet, it's because that access would be a total violation of my personal boundaries. You're welcome to what I choose to share while I'm alive, and I share quite a bit, but I don't belong to you or anyone else. Quite frankly, I like the idea that I'll be completely erased by death. Having spent my entire life with claims placed upon me by family, employers, government agencies, creditors, and countless social organizations, it is no small comfort to know that something will escape the insatiable demands of my fellow man.

    • Comment removed (Score:4, Informative)

      by account_deleted ( 4530225 ) on Friday August 06, 2010 @03:06PM (#33167364)
      Comment removed based on user account deletion
  • If you want to access the info anywhere, but keep the files private, you could store them on a USB drive instead. That eliminates most security holes, and you could easily encrypt the files for even better security.
    This also gives you the option to launch applications from the drive (I use FirefoxPortable, for instance), ie. applications that you control instead of the company. That still leaves the possibility of the company snooping on any connections you make, unless you encrypt those.

    Keeping personal st

  • First of all, keep your business and personal data separate, or at the very least keep your embarrassing personal data separate.

    Secondly, don't upload shit you want to keep private to any web service. They may not be honest, but even if they are they could still be hacked. Use truecrypt on a USB drive you keep with your car keys. For backups, upload the encrypted file container from your USB disk to any random online file storage periodically.

    Thirdly, don't worry about being embarrassed after you die. You'l

  • So, I'm looking for something to be absolutely private and secure...
    "So I was thinking that some sort of web-based storage for files..."

    Yeah. That was my first thought too. "Let's put them on the internet."

    How about,
    1) don't access absolutely private stuff at work.
    2) store it on an encrypted drive
    3) consider putting instructions in your will that it be destroyed

    Other than that, as for a dead-mans switch type thing. Seriously? You'd seriously prefer continually risking losing the documents forever over the sl

  • This is about the easiest problem in the world to solve. If you don't want corporate IT in your personal business, then don't do your personal business on those systems. You have no expectation of privacy on work computers. Anything you don't want them to see, do it AT HOME on your own system.

  • ... and you'll have nothing to worry about :-)

    I keed, I keed!

    First off, anyone who keeps incriminating material on a work computer is ot-nay oo-tay ight-bray.

    I do keep a series of rather personal and private journals on my home computer, password-protected. There is some stuff that I've written there that's not meant for anyone else to see, ever.

    Other than that, I don't think anyone would be too interested in the vast collection of stuff on my computer - some of which has followed me from computer to comput

  • I never left personal files or data on the computers at work. I would shunt anything personal to a server I had running at home. For any personal journal writing or private data, I would SSH into the server and create it there. I went to great pains to ensure that I left nothing personal or private on the company's property.

    I'm not comfortable storing sensitive personal information off site with some online service. My preference is to store important data in a small RAID I set up in a fireproof area in my

  • They can already read your data and email now. Why is it more embarrassing for them to read the stuff after you die than before?
  • Don't use your work email for private and personal stuff. D'oh!
  • Discretion? (Score:5, Insightful)

    by Xacid ( 560407 ) on Friday August 06, 2010 @01:36PM (#33165874) Journal

    I'm kind of surprised I haven't seen any comments on the bigger issue - the IT folks entrusted with this data who let data leak (or at least rumors of the content). As a system admin - if you're at that level you're already not trustworthy enough to keep that position and would probably be reassigned depending on the severity. Understandably if it's something illegal then it needs to be reported but even still - discretion is still required. It's no one else's damned business.

    Compare this to your HR person - would you like them to spill your SSN randomly here and there? Just because the guy is dead doesn't mean his data requires less care.

    Anywho - as far as technical solutions 1) don't put personal stuff on a work computer, 2) even some web space and an ftp account should be nearly sufficient if you just need a place to store files remotely that isn't easily accessible.

    • Re:Discretion? (Score:5, Interesting)

      by JumpDrive ( 1437895 ) on Friday August 06, 2010 @02:37PM (#33166944)
      In our work area, what has happened is information has gone from the CEO to a VP and then to everyone else. Then IT gets blamed for the rumor.
      First time it happened, I was thinking "Do you think I'm a dumbshit", second time it happened I realized IT was going to be blamed for their knitting circle talk.
      After that I just started pretending I don't see it.
      But if it's ever something seriously illegal, I'll tell law enforcement.
      Other than that I don't want to add to the knitting circle talk.
    • Re: (Score:3, Insightful)

      by fermion ( 181285 )
      I would have to respectfully, and completely, disagree. Work computers are for work. The company is responsible for the machine, and to some extent what is done with it. If the IT staff let a rumor fly, it may well have been strategic to remind the staff that what is on their computer is not private.

      Given the naivety of the question, it is clear such a reminder was justified. The question implied that no one knows exactly what was on the machine, porn, naked pictures of the spouse, naked pictures of a l

  • Take the personal shit off, now, because you don't need it there. Backup and store elsewhere.

    Don't put anything but business correspondence on business systems, and don't put anything unencrypted on email you don't want to see on 4chan.

    I don't use my workplace email. I use a webmail address so my correspondence follows me if I leave. Not an option for everyone, but nice so you can't get locked out by accident or intent. All my browsing at work is done using Firefox Portable, copied to USB key, and archived

  • "I have personal stuff in Outlook folders that I would not want someone in IT to see..." Stored AT your IT department. As 100 people here have said, solve that problem first.
    • When you're done with that, whichever program or setup you choose, get a good password. Do something you remember well, like your name. Then use the key to the upper-right of that key... so if your name was Jacque Strappe, you drop the space, and it's iwf284e65w--4 or something like that. Cool? Now go hide your blackmail stuff on a key. Use AES. If you have a mac, use knox.
  • You'll be dead, after all. We are all food for worms. Get over it.
  • I only do work stuff on work email. I have personal email accounts to do personal stuff, all web based. Many people use gmail for this. It is not private, and after one dies it might not go away, but unless one is important no one will really have a reason to look at it. Certainly your local sys admins will not have access to it, unless they are just nosy and can get your passwords, but that is an issue with any solution, which is why the paranoid don't even use company machines for personal business.
  • by koan ( 80826 )

    Why do you have things on your computer that you don't want people to see, and they aren't encrypted or otherwise protected?

    Sorry just can't get past that question.

  • by Call Me Black Cloud ( 616282 ) on Friday August 06, 2010 @01:43PM (#33166022)
    I recommend Windows Home Server. Of course, it integrates perfectly with your Windows machines (since you're running Outlook you have at least one) and is the best backup and recovery solution I've been able to find for home use (you can roll back individual files). You can have folders mirrored on different drives, and you can control who has access to what folders.

    Additionally, through the magic of dynamic DNS you can access your files through the Internet. You get a subdomain off homeserver.com which allows you to check the status of the server, upload or download photos, and if you have expensive enough versions of Windows on your machines at home you can control them via Remote Access.

    I've used other NAS solutions for years at home, and I don't regret switching to WHS at all. FYI, I built my own server and installed WHS myself - I didn't buy one off the shelf, though you certainly could if you're not into building computers.
  • I only exchange emails with my wife and friends using my gmail account.

    Clean house in your work email and stop doing that.
  • With PogoPlug, you control your file storage. If you buy a Sandisk Freeagent Dockstar then you get a free lifetime subscription.
  • Rule: Do not write down stuff you don't ever want anyone to read.
    (See U.S. Military vs. Wikileaks current events.)

    Corollary: Don't save porn/ you don't ever want people to find.

  • Instead of using Web based measures, what about a cryptographic token and TrueCrypt? This way, someone had to have the token, know the token's password, and have the TC passphrase and volume. If someone guesses the passphrase on the token too many times, it goes boom and there will be no access for anyone, which may be what is wanted.

    Another option is to build a custom file server with Windows Server 2008 or Windows Server 2008 R2, enable TPM + PIN + USB flash drive, and use BitLocker. This way, for some

  • If you are storing personal data on the company mail server you are an idiot. If you are accessing personal data from a company machine that is not much better.

  • Best would be a service with a dead-man's switch, so that if I don't access it in, say, three months, it auto-purges. Any thoughts?"

    Don't leave the country.

    Don't let an auto crash leave you in a coma.

    Don't be trapped on the Gulf Coast in hurricane season.

    Dead doesn't always mean dead-dead. It can mean nothing more than that you or your files have become temporarily inaccessible.

  • by gandhi_2 ( 1108023 ) on Friday August 06, 2010 @01:59PM (#33166308) Homepage

    photos of the kids

    If you are afraid IT will see pictures of your kids, either you got ugly kids or you took the wrong kinda pictures.

  • 1) do not store anything private on company hardware, not on your pc on your desk, not on your laptop you take home, not on your blackberry. Doesn't matter if you encrypt or not. Do not do it. You have no right to privacy when using company hardware.

    2) regardless of where you store your private data, do not access it from company hardware, at home or at work. No form of security is effective if you're accessing it from hardware you do not control. Clearing cookies/history or using a "portable private b

  • A simple PHP application running on a LAMP or LAPP server can easily be created to upload files and encrypt them with a custom SSL certificate using openssl. I did a demo for something very similar for a client.

    Of course there are many avenues of risk between the upload to encryption path and the decryption to download path. Some of the risk can be reduced by choosing the right hosting method.

    The cheapest solution would be free web hosting for the application but I am not sure they will have an SSL connecti
